Member Data Rights
Helpful Information for Members
What should a member know before letting a third-party app get their health care data?
Members should think about:
- Has the app been passed by any regulatory agency?
- What health data will this app collect?
- Will this app collect non-health data from my phone, such as my location?
- How will this app use my data?
- Will this app show my data to third parties?
- Will this app sell my data for any reason, such as advertising or research?
- Will this app share my data for any reason? If so, with whom? For what reason?
- How can I limit this app’s use and release of my data?
- What safety steps does this app use to protect my data?
- What impact could sharing my data with this app have on others, such as my family members?
- How does this app let users know of changes that could change its privacy practices?
- How can I use my data and fix mistakes in data saved by this app?
- Does this app have a way of taking in and answering a user complaint?
- If I don’t want to use this app anymore, or if I don’t want this app to use my health data, how do I stop the app from getting my data?
- What is the app’s policy for removing my data once I stop using it? Do I have to do more than just delete the app from my phone?
What are a member’s rights under the Health Insurance Portability and Accountability Act (HIPAA) and who must follow HIPAA?
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. You can find more information about member rights under HIPAA and who is obligated to follow HIPAA.
You may also want to share with members the HIPAA FAQs for Individuals.
Are third-party apps covered by HIPAA?
The FTC gives information about mobile app privacy and security for consumers.
What should a member do if they think their data have been breached or an app has used their data incorrectly?
To file a complaint, members should follow the rules listed below.
- To learn more about filing a complaint with OCR under HIPAA, visit: hhs.gov/hipaa/filing-a-complaint/index.html
- Individuals can file a complaint with OCR using the OCR complaint portal.
- Individuals can file a complaint with the FTC using the FTC complaint helper.